Today's rampaging Love Bug virus got me thinking about viruses in
general, and exposures to web browsers, in particular.
I am a Mac user so I don't have personal experience (other than
testing) with windows browsers.
It appears that two recent trends have increased exposure to viruses:
1) integrating the browser and the OS (to give each more capability).
2) enhancing browsers, giving them the capability to execute program scripts
on the local computer at the direction of (or in collaboration with)
server-side programming.
Usually, the server downloads the script to the browser, where it is executed.
Nothing new there, we've been doing that for years with Java and JavaScript.
But these languages could not, by definition, access the local file
system and OS, nor could they exceed or alter the capabilities of the
browser.
It appears that this new generation of enhanced, integrated browsers
have capabilities beyond the self-imposed restrictions of Java and
JavaSscript.
some examples are:
WYSIWYG Browsers for Content entry
Browsers that can display interactive charts or spread sheets using
local application function
Proprietary packages for vertical apps such as Loan applications, stock
brokers, financial tools, etc.
Unless I am mistaken, these enhanced browsers do their magic by
executing scripts which have access to the internals of the browser,
and by implication, the OS.
If this is true, isn't this a back door to the OS that could be
easily breached?
Aren't the browser-enhancement scripts written in the same language
(VBS) that was used by the Love Bug virus.
If so, couldn't such a virus be distributed and *invoked* by merely
accessing a web page with an enhanced browser?
This would be much more insidious than an email-distributed virus
where the user must invoke the virus.
I have several clients who are considering enhanced browsers for
content creation... would they be putting themselves at risk?
Is there a way to avail yourself of enhanced browser features without
exposing yourself to hackers/viruses?
Concerned
Dick
------------------------------------------------------------------------------
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
